#!/bin/sh

## Please make changes in /etc/firewall.user

# Pull in shared shell functions (contents not visible here).
. /etc/functions.sh
# Interface names are read from NVRAM. Of these, only WL appears in the rules
# visible in this file; WAN and LAN may be read by the files sourced below.
# An unset NVRAM key yields an empty string, so each value can be empty.
WAN=$(nvram get wan_ifname)
LAN=$(nvram get lan_ifname)
WL=$(nvram get wl0_ifname)

# Both files are executed inside this shell, with this script's privileges,
# so they should be writable by root only.
# Presumably they provide CHARON_NET, CHARON_FF and hostget, which the rules
# below use but this file does not define - TODO confirm.
. /etc/default/charon
. /etc/charon/hosts.sh

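  # Rebuild the nat-table chain used by the captive portal from scratch.
  # NOTE(review): flush-then-append is not atomic. While the chain is empty
  # none of the redirects below apply; how the chain is hooked is not visible
  # here, so confirm that window is acceptable.
  iptables -t nat -F charon-prerouting

# permit walled garden
# HTTP aimed at the portal address (${CHARON_NET}.1) is redirected to port 81
# on the same address. CHARON_NET is not set in this file; if it is empty the
# rule below is malformed, so say so instead of failing silently.
  [ -n "$CHARON_NET" ] || echo "charon: CHARON_NET is empty, portal redirect rule is invalid" >&2
  iptables -t nat -A charon-prerouting -p tcp -d "${CHARON_NET}.1" --dport 80 -j DNAT --to-destination "${CHARON_NET}.1:81"

# Resolve the allowlisted names. hostget comes from a sourced file and its
# behaviour is not visible here; presumably it fills HOSTS with addresses.
# NOTE(review): if so, the allowlist is a snapshot taken when this script
# runs - it goes stale when DNS answers change, and any other site served
# from the same addresses also bypasses the portal.
hostget wiki.rcpt.to mikolaj.cx mikolaj.cc www.paypal.com www.paypalobjects.com

# An empty target list (for example name resolution failing when this runs)
# leaves the walled garden empty; report it rather than continue silently.
[ -n "$HOSTS$CHARON_FF" ] || echo "charon: no walled-garden targets (HOSTS and CHARON_FF are empty)" >&2

# HOSTS and CHARON_FF stay unquoted on purpose: they are whitespace-separated
# lists. Each target is exempted from the DNAT below on the three web ports.
for targ in $HOSTS $CHARON_FF; do
  for port in 80 443 8080; do
    iptables -t nat -A charon-prerouting -p tcp -d "$targ" --dport "$port" -j RETURN
  done
done

# nat everything else
# Remaining TCP carrying mark 0x2000 (mask 0x3000) is sent to the fixed proxy
# address. The mark is set elsewhere; presumably it identifies clients that
# have not authenticated yet - TODO confirm.
iptables -t nat -A charon-prerouting -m mark --mark 0x2000/0x3000 -p tcp -j DNAT --to-destination 198.142.76.162:8080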

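  # Rebuild the filter-table chain for portal clients from scratch.
  # NOTE(review): the chain is empty between this flush and the final REJECT
  # being appended, so packets fall through to whatever the calling chain does
  # next during that window; the caller is not visible here - confirm it is
  # restrictive.
  iptables -F charon-filter

# Hand traffic to and from each walled-garden target back to the calling
# chain on the web ports; RETURN is not a verdict, the caller decides.
# HOSTS and CHARON_FF stay unquoted on purpose: whitespace-separated lists.
# NOTE(review): the -s/--sport rules match on source address and port alone,
# with no interface or connection-state match. A state match would be
# tighter if this build provides one.
for targ in $HOSTS $CHARON_FF; do
  for port in 80 443 8080; do
    iptables -A charon-filter -s "$targ" -p tcp --sport "$port" -j RETURN
    iptables -A charon-filter -d "$targ" -p tcp --dport "$port" -j RETURN
  done
done

# Marked TCP to port 80 arriving on the wireless interface is also handed
# back. WL comes from NVRAM and can be empty; skip the rule in that case so an
# empty interface name is never passed to -i.
# NOTE(review): charon-prerouting DNATs marked TCP to port 8080, so if this
# chain sees packets after that translation their destination port is no
# longer 80 - confirm which traffic this rule is meant to cover.
if [ -n "$WL" ]; then
  iptables -A charon-filter -i "$WL" -m mark --mark 0x2000/0x3000 -p tcp --dport 80 -j RETURN
else
  echo "charon: wl0_ifname is empty, skipping wireless port-80 rule" >&2
fi
# Everything else that reaches this chain is rejected, whatever the protocol.
iptables -A charon-filter -j REJECT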
